
FBI Tells Congress It Needs Hackers To Keep Up With Tech Company Encryption (buzzfeed.com) 103

An anonymous reader quotes a report from BuzzFeed: A high ranking technology official with the FBI told members of Congress Tuesday that the agency is incapable of cracking locked phones and devices on its own, even with additional resources. Amy Hess, the agency's executive assistant director for science and technology told a panel of the House Energy and Commerce Committee that encrypted communications continue to pose a challenge to the American law enforcement, and to the safety of the American public. But when asked by lawmakers to provide a practical solution beyond the FBI's talking points, she said that the cooperation of technology companies would be necessary. According to the New York Times, "The FBI defended its hiring of a third-party company to break into an iPhone used by a gunman in last year's San Bernardino, Calif., mass shooting, telling some lawmakers on Tuesday that it needed to join with partners in the rarefied world of for-profit hackers as technology companies increasingly resist their demands for consumer information." They are stressing the importance of cooperation with tech companies and "third parties" to help fight terrorism, claiming they do not have the capabilities and resources available to crack encrypted devices. Congress is currently debating potential legislation on encryption.
  • Dear FBI and US Gov (Score:5, Informative)

    by Quzak ( 1047922 ) on Tuesday April 19, 2016 @06:50PM (#51944035)
    We will keep making more sophisticated encryption. You will not be able to keep pace with our progress. We do not want you in our devices, fuck your laws. Crapfully yours, The internet
    • by msauve ( 701917 ) on Tuesday April 19, 2016 @07:28PM (#51944235)
      It's a free speech issue. Whether someone chooses to speak in plain English, Swahili, or encryption, it all falls under an absolute right to speak as they wish.

      Sure, the anarchists/communists/terrorists/boogeyman may get away with something, but that's the cost of freedom. With liberty comes risk. And it's liberty which we've been guaranteed, not security against all comers.
    • by ArmoredDragon ( 3450605 ) on Tuesday April 19, 2016 @07:31PM (#51944257)

      I think one of the bigger things hurting the FBI is they are so exclusive towards otherwise talented people compared to the private sector, and so their human resource pool leaves a lot to be desired. For example, even though polygraph is nothing more than an intimidation tactic that is basically useless, (and people who know it's a load of crap aren't intimidated by it) they won't hire anybody without subjecting them to it. They also exclude anybody who has at any point in their life consumed cannabis, which is in many ways more benign than alcohol.

      On top of it all, they don't pay shit compared to private sector jobs. (In only my second year after graduation, I already make more than most FBI agents at GS12 by just doing datacenter work.)

      • by raymorris ( 2726007 ) on Tuesday April 19, 2016 @08:13PM (#51944413) Journal

        I've worked in information security for a long time. I've spoken with colleagues at various government agencies and learned that indeed they don't have expertise far beyond what's available in the private sector; the movies are as fictional in that respect as they are in others. They do need assistance from the private side of the infosec community.

        Fifteen years ago, I would have been happy to assist those who protect and serve if they were working on some actual crime, such as a murder case I was once contacted about. Since Snowden and other events, it's become quite clear that the federal government is not the good guys, for any definition of "good guys".

        There's no single solution, but there is one thing that would really help. Prior to 9/11, international spy agencies such as the NSA were prohibited from sharing information with domestic police at agencies such as the FBI. The thinking was that the techniques and mindset used against our enemies, such as North Korea, shouldn't be used against our own citizens. After 9/11 it was determined (correctly) that the prohibition on cooperation made it more difficult to defend against attacks, so the rules were weakened or eliminated and cooperation between intelligence and law enforcement was encouraged. We need to put those walls back in place. Yes it will make defending against attacks more difficult, but it's worth it because the alternative turns out to be having the NSA and FBI attacking the citizens.

        • It's a general problem with police forces in general. A police force can only function effectively if it has the consent and support of the population. To do this, it has to be seen as being on the side of the majority of the population. When you pass laws that criminalise the majority and when you cut funding for police programs that visibly assist the community, then this breaks down.
      • by Mr.CRC ( 2330444 )
        Sounds like a cult the way you describe the FBI.
    • by tom229 ( 1640685 )
      Well YOU won't do anything, that's clear. If you had the knowledge required you'd know that strong enough encryption already exists. Run something through even a 1024 bit cipher a couple times and it becomes pretty damn impossible to crack without known vulnerabilities or super computers. The problem phones face is that touch screen phones are difficult to secure with complex passwords. This means user passwords are incredibly vulnerable to brute force. There's really nothing that can be done about this bey
      • by Steve B ( 42864 )

        touch screen phones are difficult to secure with complex passwords

        That's why one of the built-in security features is to accept password input only via the touchscreen, and only with escalating time delays after a few wrong guesses. Those are two of the features the government wanted Apple to bypass by writing a custom FBiOS.

        • by tom229 ( 1640685 )
          Those security features require the data to be mounted within the iPhone's runtime processes. You can always reverse engineer (or get a source code leak of) their encryption algorithm, mount the data (or a copy of it) externally, and brute force it that way. A 4 digit pin is what? 100,000 combinations? It wouldn't even take a second to brute force. I'd imagine this is close to what the FBI ended up doing.
    • We will keep making more sophisticated encryption. You will not be able to keep pace with our progress. We do not want you in our devices, fuck your laws.

      As one of the people who makes the crypto in the devices, I am delighted that the overreaching government actions have made it much easier for me to argue to do the right thing in terms of taking security seriously at all levels in our products and I assume this is the same in many companies. People have been claiming to do this forever, but the Apple-FBI thing really got engineers to think about it the right way.

  • by Anonymous Coward

    What are we paying the NSA for?

    • by msauve ( 701917 )
      FCK the NSA.
    • by gweihir ( 88907 )

      The NSA is not into getting convictions and keeping the prisons full. The NSA is into getting information. They will never expose a source unless there is an extremely good reason from _their_ POV. Incidentally, that is why no state with an intact rule-of-law ever allows information from a secret agency to be used by law-enforcement.

  • by Anonymous Coward on Tuesday April 19, 2016 @06:59PM (#51944067)

    I find it strange that nobody seems to mention that law enforcement worked just fine in ancient history when private conversations were not recorded at all. The government could not get a transcript on demand because there was none. Likewise, the government still is unable to read our thoughts. Why should a thought be treated differently when it is expressed in speech or electronically through writing? Why should the government feel hamstrung by inability to read our encrypted written thoughts when it still can not read them while they reside in our heads? Should we not demand that both be treated as private without question and inaccessible to government extortion? Law enforcement has done just fine without reading our thoughts for centuries; it should do just fine in the future without reading our encrypted letters.

    • If there were thought reading devices (and I'm sure there will be one day), they'd want them to be used as well.

  • by liqu1d ( 4349325 )
    Public vs private pay packet? Easy win.
  • by Hadlock ( 143607 ) on Tuesday April 19, 2016 @07:02PM (#51944089) Homepage Journal

    Should it come as any surprise that the people they need don't want to work for the government? Or fled to Berlin to escape a similar fate?
     
    If you keep backdooring encryption and ostracizing your own citizens who are strong on security, you can't expect to have any citizens who particularly want to help you out.
     
    You can't just throw warm bodies at the problem like you can with traditional war. The Germans lost Einstein and countless other academic Jews to countries like the United States and Russia in WW2, and now the same thing is happening with security experts in the United States. Good luck with that.

    • by Anonymous Coward

      Pretty much this.

      The U.S. government has more-or-less shown their disdain for "hackers" - and Congress jokes about their distaste for "technology" every chance they get, with several of them often reminding people that they don't use email, etc. as if that's some kind of evil.

      Technologically-inclined individuals are often treated with distrust and suspicion - especially if they're security researchers trying to show others how poorly their personal data is being handled.

      Why would those in this sector give a

      • by gweihir ( 88907 )

        Very much this. In addition, you will find very few bright, capable and educated people that will want to work for the government in the first place. The government is where ideas, enthusiasm and individual freedom goes to die and they pay badly in addition. It is a valid way out for the mediocre that just want a master to serve, but that is it.

    • by Anonymous Coward

      The irony of this is that due to US anti-hacking laws, those hackers are likely to increasingly come from overseas which could completely turn the NSA's dual directives on their head of foreign signals intelligence and domestic signals defense. They'll have to work with foreign hackers for domestic signals intelligence.

    • by gweihir ( 88907 )

      Indeed. One of the last steps in this process is to prevent citizens from leaving the country by use of mine-fields, electric fences, etc. to limit the brain-drain. That has never worked well either.

      • by Agripa ( 139780 )

        Indeed. One of the last steps in this process is to prevent citizens from leaving the country by use of mine-fields, electric fences, etc. to limit the brain-drain. That has never worked well either.

        It does not work in Sim City either. Of course I lacked mines and fencing and could only bulldoze the roads leading away.

    • What has my curiosity at the moment is this:

      While the lawmakers made sure that the Government and various law enforcement agencies are exempt from the circumvention rules of the DMCA, I don't see where that would apply to the use of non-government or non-law enforcement talent. Being within the employ of the FBI itself (thus subject to US laws) is one thing, resorting to non-US talent is quite another.

      How can we hope to keep anything in check if our own government is going to utilize non-US talent to ci

  • Maybe if the FBI stopped requiring drug tests and lie detector tests for those employees it wants to be security and programming experts / hackers of its own, they might get some better applicants. The Venn diagram of those qualities reduces your option pool by quite a lot.
    • Re: (Score:2, Informative)

      by Anonymous Coward

      Most hackers would not compromise their ethics enough for the FBI

    • How can you insult the intelligence of hires with a "lie detector" test? I mean you walk in and they say, oh we want the best and brightest, now line up for your lie detector test. Really, does that work?

    • by PRMan ( 959735 )
      I've never done drugs but I would never work for the FBI, especially with the last 2 directors at the helm.
  • The FBI wants to grow the market-sector of black-hat hacking? (Yes, I know, but language evolves, so I use the 'press-accepted' term here.)

    In what reality could this conceivably be a good idea? Tons of new "exploit-mining" companies would spring up. Many would then have the FBI as perhaps one of their clients.

    We already saw this with Symantec in the 1980's giving away $50 for each 'new' or even 'variant' of a virus that someone 'discovered'. They helpfully provided examples – you know, for trainin

    • I missed mentioning that current US Law on 'cyber-security' would mean that most or all of these new companies would be based outside of the US, quite likely putting them beyond the reach of US Law (outside their contracts with the FBI), as long as they chose their country-of-incorporation and activity wisely.

    • As is often the case, Terry Pratchett had some wise/comic insights which are relevant.

      "How Vetinari himself ascended to the Patricianship is a story yet untold. It is known that his advice was heeded by Snapcase's administration on at least one occasion: when a 20p bounty on rat tails was introduced to combat a serious rodent infestation, but threatened to drain the treasury dry without curtailing the rats' numbers. Vetinari's suggestion to "tax the rat farms" provided an early demonstration of his shrewd p

      • As is often the case, Terry Pratchett had some wise/comic insights which are relevant.

        "How Vetinari himself ascended to the Patricianship is a story yet untold. Vetinari's suggestion to "tax the rat farms" provided an early demonstration of his shrewd political insight. "

        Relevant and incisive quote indeed!

    • by tom229 ( 1640685 )
      I think as soon as you start "hacking" for law enforcement the color of your hat changes. Isn't that the entire definition?
      • I think as soon as you start "hacking" for law enforcement the color of your hat changes. Isn't that the entire definition?

        To what?

        "Blue-hat" hacker?

        Shall we coin a term right here, right now? (I do not advocate this idea.)

  • The FBI becomes indistinguishable from black hats.

  • Who else are they going to turn to? All the honest, moral people gave them the finger.

    • by PRMan ( 959735 )
      No. They gave us the finger.
      • by tom229 ( 1640685 )
        No, no, Apple gave them the finger. Before you continue to have an opinion on this I'd suggest you read the full text of the court order. It's very easy to find online, it's short, and it's in plain English. It includes provisions in it that allow Apple to set up a secure lab for which the FBI only has remote access to, among other provisions. The order is very careful to make sure the FBI only has access to this one device. The permanent backdoor hyperbole was crafted by Apple and worked very well on a pop
  • By their own laws the people they seek to "help" them are not "hackers" but "crackers" who would normally be pursued and locked up by that same FBI. Don't they have NSA assets to use? No, because even the NSA cannot blatantly circumvent what Congress has ruled over and over regarding mandatory back doors. No, they are looking for criminals because they are engaging in crime and in circumvention of the will of the people. They must be treated as law breakers.

  • The US already have a bunch of very bright hackers on its payroll. They work down at Fort Meade in a big glass building with NSA written on the front of it.

    What this smacks of, is kingdom building. The FBI is trying to bolster its own little playpen, instead of playing nicely with others and asking the NSA for help.

    The FBI simply wants a bigger budget.

  • Take away the academy, weapons qualification, etc parts and will let them get more people as well as older tech pro's who should not be cut out if they are.

    older than 37 (right now only have an Veterans ones)

    don't have the right degree (they can also add more waivers)

    driver’s license (easy to get but there are people in areas where you don't need a car)

    There should be non field desk job role that even some in wheelchair can do tech stuff for the FBI.

    • by JASegler ( 2913 )

      Would that matter?

      I'm surprised they can find anyone who would claim to be a Hacker to work with them.

      Low pay.
      Poor track record sticking to the letter of the law, let alone the spirit of the law.
      Do illegal things and hide them behind national security.

      To me it is no different than the scientists that won't work on weapons technology for the military.

      We can't trust them to use that kind of power responsibly at any level (local, state, or federal law enforcement).
      The proper checks and balances are just not th

    • There should be non field desk job role that even some in wheelchair can do tech stuff for the FBI.

      There probably are. There is law that lets people declared permanently disabled by the SSA –people on SSDI – "go to the front of the line". Effectively, from the bits I've read, anyone SSDI disabled, applying for a Federal Government job:

      * Gets to skip the resume-culling steps that everyone else must pass through—They get to be considered in the last round.
      * Is entitled to 'special considerations'. Not just wheelchair ramps, but flexible scheduling and si

  • There is no right of the government to monitor communications. Before we had communications technology, it was all but impossible. The telegraph offered the first viable method for the government (and others) to spy on any and all communications, followed by the telephone, the cellphone, email, texts, etc. At each step, security was an afterthought, and so it provided a larger and larger attack surface. Governments (and others) have enjoyed the access that inattention has brought for too long. For so l

  • And sloshes back up to The Hill. These Congressional leaders know what they know and don't listen to no scientists! The contempt and fear is palpable. When reality doesn't conform, they resort to threats, blame games and force.

    So the FBI can't find talented people to help them with imaginary, badly conceived, and wrongheaded problems. I'm shocked, I tell you, shocked!
